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TECHNICAL FIELD 

[0001] This invention relates to automated transaction machines. Specifically this 

invention relates to an automated transaction machine system and method that is 
capable of digitally signing electronic documents. 

BACKGROUND ART 

[0002] As an increasing number of individuals own or have access to personal computers, 
more and more individuals are generating electronic documents. Examples of 
electronic documents include electronically filed tax returns, contracts for goods or 
services ordered online through the internet, e-mail, word processing documents, or 
any other type of document that has a digital form. Some electronic documents are of 
a type that the individuals involved in generating, sending or receiving such 
documents might prefer to have the documents maintained as secure and confidential 
for long periods of time. 

[0003] Unfortunately, many personal computers have insecure configurations. With the 
increasing popularity of the Internet, many personal computers are vulnerable to 
being accessed remotely by hackers on the Internet. Further, many home personal 
computers are not configured with passwords and as a result anyone with physical 
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access to the personal computer such as a friend, a child care giver, or a relative may 
accidently or intentionally gain access to sensitive electronic documents. Although 
cryptography software exists to encrypt private electronic documents, many 
individuals do not have the technical skill to install and configure encryption software 
correctly on their personal computers. Consequently, there exists a need for a system 
and method of protecting personal electronic documents which can be more easily 
used by individuals. 

[0004] Electronic documents belonging to individuals are often stored on a hard drive of 
a personal computer. For example, consumer tax software typically generates 
electronic tax return documents which are stored on a hard drive. Word processors 
often store electronic document files in a common directory on a hard drive. E-mail 
received by and sent from a personal computer is also often stored on a hard drive. 
Unfortunately, over time personal computers may encounter software and/or 
hardware problems which destroy computer files stored on a hard drive. Unless the 
individual proactively and regularly performs backups of computer files located on the 
hard drive of their personal computer, important, difficult to replace, personal 
electronic documents may be lost due to a hardware or software problem. Even if the 
documents are backed-up on removable media such as a tape, portable disk or CD, 
the portable media itself may become corrupted, unreadable, obsolete, or lost. As a 
result, there exists a need for a system and method of storing important personal 
electronic documents which can preserve the integrity of the documents for long 
periods of time. 

[0005] With the enactment of electronic signature laws at the state and federal levels, 
individuals are likely to encounter more opportunities to generate and electronically 
sign electronic documents. Many electronic signature systems use public key 
encryption methods to generate and validate electronic signatures. When signing an 
electronic document an individual uses a secret private key to generate a digital 
signature for the electronic document. Such a private key is generally associated with 
a public key. Another party may use the public key to authenticate the electronic 
document and digital signature. Such public keys are often distributed as part of a 
digital certificate which is digitally signed by a trusted third party certificate authority. 
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[0006] Although the digital certificate and public key may be publicly disclosed to the 
world, the private key must remain a secret to prevent forgeries. When a person 
wishes to digitally sign a document, the user must employ a computer program which 
has access to the private key. As with encryption software, many individuals do not 
have the technical skill to successfully install and use digital signature programs on 
their personal computers. Consequently there exists a need for a system and method 
of digitally signing electronic documents which can be easily employed by individuals. 

[0007] In general, when a digital signature program belongs to a person using the 

program, that person may have reasonable assurance that the person's private key will 
be kept a secret by the program. In addition the person has reasonable assurance that 
the electronic document being signed corresponds to the electronic document that 
was read and reviewed by the person. Unfortunately, if the digital signing program 
belongs to an untrusted party, the individual has very little assurance that a private 
key inputted by the individual will remain a secret and/or that the electronic 
document that was read and reviewed by the individual is the actual document being 
I digitally signed. As a result there exists a need for a system and method of protecting 

the confidentiality of private keys used to digitally sign electronic documents. There 
also exists a need to provide a system and method of digitally signing electronic 
documents which provides additional assurance to individuals that the process is a 
safe substitute for signing paper documents. 

DISCLOSURE OF INVENTION 

[0008] It is an object of an exemplary form of the present invention to provide a system 
and method which can be easily employed by individuals for protecting electronic 
documents. 

[0009] It is a further object of an exemplary form of the present invention to provide a 
system and method of storing electronic documents which can preserve the integrity 
and confidentiality of the electronic documents for long periods of time. 

[001 0] It is a further object of an exemplary form of the present invention to provide a 
system and method which can be easily employed by individuals for digitally signing 
electronic documents. 
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[001 1 ] It is a further object of an exemplary form of the present invention to provide a 
system and method of protecting the confidentiality of private keys used to digitally 
sign electronic documents. 

[001 2] It is a further object of an exemplary form of the present invention to provide a 
system and method of digitally signing electronic documents which provides further 
assurance to individuals that digital signing of electronic documents is a safe 
substitute for signing paper documents. 

[001 3] Further objects of exemplary forms of the present invention will be made apparent 
in the following Best Modes for Carrying Out Invention and the appended claims. 

[0014] The foregoing objects may be accomplished in an exemplary embodiment by a 
system and method of storing and digitally signing electronic documents with 
automated transaction machines. An example of an automated transaction machine 
which may be used by individuals or users with exemplary embodiments includes an 
automated teller machine ("ATM"). ATMs enable customers to carry out banking 
transactions. Common banking transactions that may be carried out with ATMs 
include the dispensing of cash, the receipt of deposits, the transfer of funds between 

accounts, the payment of bills and account balance inquiries. The type of banking 
transactions a customer can carry out are determined by the capabilities of the 
particular machine and the programming of the institution operating the machine. 
Other types of automated transaction machines may allow customers to charge 
against accounts or to transfer funds. Other types of automated transaction machines 
may print or dispense items of value such as coupons, tickets, wagering slips, 
vouchers, checks, food stamps, money orders, scrip or travelers checks. For purposes 
of this disclosure references to an ATM, an automated transaction machine, or an 
automated banking machine shall encompass any device which carries out 
transactions including transfers of value. 

[001 5] An exemplary embodiment of the ATM may include at least one output device 

such as a display screen, audio system, and printer. The ATM may also include at least 
one input device such as a touch screen, function keys, keypad, keyboard, and/or card 
reader. The ATM may further include devices such as a dispenser mechanism for 
sheets of currency, a receipt printer mechanism, a card reader/writer, a depository 



AppJD=09683944 



Page 4 



mechanism and other transaction function devices that are used by the machine in 
carrying out transactions including transfers of value. 

[0016] The ATM may include or be in operative connection with at least one computer. 
The computer may be in operative connection with the output devices and the input 
devices, as well as with the transaction function devices in the machine. The computer 
may include software components and programs that are executed therein, in an 
exemplary embodiment, at least one software component may be operative to cause 
the computer to provide a user interface through the display device or other output 
device of the machine, which enables users to store and retrieve electronic documents 
from a digital safe deposit box or account associated with the user. In one exemplary 
embodiment a digital safe deposit account includes an amount of file storage space 
maintained by a storage server in operative connection with the ATM. The exemplary 
ATM is operative to communicate with the storage server and cause the storage server 
to maintain electronic documents which are stored in association with the user's 
digital safe deposit account. In one exemplary embodiment, the ATM is operative to 
have the storage server store, retrieve, copy, and delete electronic documents stored 
in the user's digital safe deposit account. In addition the exemplary storage server is 
configured with operative hardware, software, and backup technology to preserve the 
integrity of the electronic files for long periods of time. Exemplary embodiments of 
the storage server are also operative to encrypt the electronic documents such that 
only authorized individuals may access the electronic documents. 

[001 7] Exemplary embodiments of the ATM may enable a user to retrieve an electronic 
document from an external source and store the retrieved document in the user's 
digital safe deposit account. External sources for example may include a portable 
storage medium such as a CD, a portable computing device such as a mobile phone, 
and /or a network accessible storage location. In exemplary embodiments, the ATM 
includes a portable storage medium reading device that is operative to read electronic 
documents from a portable storage medium. Examples of portable storage medium 
reading devices for use with exemplary embodiments include portable hard drive 
readers such as an Iomega Jaz ® drive; magneto optical drives such as an Iomega Zip 
® drive; flash memory drives for writing to flash memory devices such as 
CompactFlash and Sony Memory Stick ® ; PC Cards interfaces; CD drives, DVD drives; 
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Mini-CD drives; smart cards; floppy disk drives; and digital tape drives. 

[0018] The exemplary ATM may further enable users to view and/or listen to the contents 
of electronic documents through an output device of the machine. The exemplary 
ATM for example, may include document output software components which may be 
operative to cause the computer of the ATM to output corresponding visual 
representations of the electronic documents through a display device of the ATM. 
Examples of document output software components which may be operatively used 
with exemplary embodiments include an Adobe ® PDF viewer, HTML or XML browser, a 
word processor, or any other software application which is operative to read or access 

Q . 

!~S an electronic document and output a visual representation of the accessed electronic 

fl document. The exemplary ATM may further include document output software 

W 

|y components that are operative to output audible representations of the electronic 

it documents through an audio device of the ATM. For example, electronic documents 

*S may include text which is both displayed through a display screen and converted into 

P| audible speech which is outputted through speakers of the ATM. Also, the ATM may 
further be operative to print a visual representation of the electronic document 

CI- 

111 through a printer device. 

n 

111 [001 9] In an alterative exemplary embodiment, users may have access to electronic 

documents stored in the digital safe deposit account through a public network such as 
the Internet. In one exemplary embodiment, the present invention may enable users 
to choose to add Internet access to their digital safe deposit account in addition to 
ATM access to their digital safe deposit account. Users may or may not enable Internet 
access depending on the sensitivity and type of electronic documents stored in the 
digital safe deposit account. 

[0020] 

An exemplary ATM may be operative to digitally sign electronic documents. In one 
exemplary embodiment, the ATM may include digital signature software components 
which are operative to sign electronic documents using public key cryptography 
algorithms and protocols, or other digital signature algorithm and protocol. For 
example, the exemplary digital signature software may be operative to sign electronic 
documents using a private key associated with the user. In one exemplary 
embodiment the private key may be stored by a storage server in association with a 
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digital safe deposit account of the user. After authenticating the user, the exemplary 
ATM may be operative to cause an electronic document to be digitally signed using 
the private key securely stored by the storage server. Once an electronic document 
has been caused to be signed by the exemplary ATM, the ATM may be operative to 
send the signed electronic document to a location of the user's choosing such as the 
digital safe deposit account associated with the user or an external source such as a 
portable storage medium, portable computing device and/or network accessible 
storage location. 

[0021] In some exemplary embodiments, the exemplary ATM may be operative to sign 
electronic documents with a private key of a user that is stored on an external source 
such as a portable computing device. For example, the private key of the user may be 
securely stored on a smart card. An exemplary embodiment of the ATM may include a 
smart card reader which is operative to communicate with the smart card for purposes 
of signing an electronic document. 

[0022] The exemplary storage server or an external source such as a smart card, may 
require a password or biometric data from the ATM prior to enabling a digital 
signature to be generated using the private key of the user. The exemplary ATM may 
include input devices such as a keypad or a biometric reading device which a user may 
use to input a required password such as a PIN, or biometric data. 

[0023] 

In one exemplary embodiment, the ATM may be operative to retrieve the private 
key from the storage server or an external device for purposes of generating the 
digital signature with the ATM. In some exemplary embodiments, the system may be 
configured such that the ATM does not require that the private key be retrieved by the 
ATM. In this exemplary embodiment, the ATM is operative to generate a one-way 
hash of the electronic document such as a message digest, cryptographic checksum, 
message integrity check, or manipulation detection code. The one-way hash may then 
be forwarded to the storage server, smart card, or other secure external source which 
has secure access to the private key. The storage server, smart card, or other secure 
external source may then generate a digital signature responsive to the one-way hash, 
private key and the appropriate encryption or digital signature algorithm. The storage 
server, smart card, or other secure external source may then return the digital 
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signature to the ATM. The ATM may then attach the digital signature to the electronic 
document prior to storage in the digital safe deposit account or prior to sending the 
electronic document to an external source. 

[0024] In an exemplary embodiment, the ATM may forward the electronic document to 
the storage server, smart card, or other external source. In this embodiment the 
storage server, smart card, or other external source is operative to generate the digest 
and the corresponding digital signature from the received electronic document and 
then forward the digital signature and/or electronic document back to the ATM. It is 
to be understood that exemplary embodiments encompass the use of any digital 
signature algorithm and key management system which is operative to enable an ATM 
to securely sign electronic documents. Examples of cryptographic algorithms which 
may be used with the present exemplary invention include RSA and DSA. 

[0025] In some exemplary embodiments, the digital safe deposit account and/or a user's 
private key may be associated with a banking or other financial account of the user 
such as a checking account, savings account, debit account and/or credit account. A 
user may access the digital safe deposit account and/or digital signature features of 
the exemplary ATM by inserting an ATM card, bank card, credit card, or any other card 
which is associated with the user's financial account. After a user inputs a 
corresponding password such as a PIN or biometric information into an input device 
of the ATM, the exemplary ATM may be operative to enable the user to select 
transaction functions of the ATM such as the dispensing of cash, transfers, deposits, 
bill payment, and balance inquiry. In addition the exemplary ATM may be operative to 
enable the user to display and digitally sign electronic documents with a private key 
associated with the user's financial account. Further, the exemplary ATM may be 
operative to enable the user to access and maintain electronic documents stored in a 
digital safe deposit account which is associated with the user's financial account. 

[0026] 

In embodiments where a user's digital safe deposit account and/or private key is 
not associated with a financial account card, a user may be issued a digital safe 
deposit account card with machine readable indica thereon which corresponds to the 
user's digital safe deposit account. ATMs of exemplary embodiments may be operative 
to enable a user to access his/her digital safe deposit account and sign electronic 
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documents responsive to reading the machine readable indicia from the digital safe 
deposit account card. 

[0027] In addition, the exemplary ATM may be operative to enable a user to generate 

private and public keys for digitally signing electronic documents. Also, the exemplary 
ATM may be operative to enable a user to acquire and/or purchase a digital certificate 
such as an X.509 certificate using the ATM. The exemplary ATM may be in operative 
connection with a certificate authority and may be operative to send the certificate 
authority sufficient information to enable the certificate authority to generate and 
issue the certificate to the user. Such digital certificates may be used to authenticate 
the user f s digital signature created using the exemplary ATM. The exemplary ATM 
may be operative to store the digital certificate in the user's digital safe deposit 
account and/or in association with the user's financial account. As with other 
electronic documents, the exemplary ATM may be operative to send the digital 
certificate to an external source of the user's choosing. When signing an electronic 
document, the exemplary ATM may be operative to associate the digital certificate 
with the signed electronic document. Other parties may use the digital certificate to 
authenticate the digital signature of the electronic document. In this described 
exemplary embodiment, the ATM may be operative to cause the costs associated with 
purchasing a digital certificate to be charged against the financial account of the user 
or another party. If the user already has a digital signature, an exemplary embodiment 
may be operative to retrieve the digital certificate from an external source selected by 
the user. The exemplary ATM may be operative to associate a retrieved digital 
certificate with electronic documents being signed by the ATM. The exemplary ATM 
may further be operative to have the exemplary storage server store the retrieved 
digital certificate in the digital safe deposit account of the user and/or in association 
with a financial account of the user. 

[0028] As discus^ previously, the exemplary ATM may be operative to read the 
electronic document and output through a display device of the ATM a visual 
representation of the electronic document. In addition, the exemplary ATM may 
further be operative to enable a user to input through an input device of the ATM, 
information into the electronic document. For example, an electronic document such 
as a contract may include fields for entering the names of the contracting parties, a 
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description of the goods, and an amount of consideration being paid for the goods. 
The exemplary ATM may be operative to enable a user to input or select text, 
numbers, and other information for incorporation into the electronic document prior 
to signing the document. In addition exemplary embodiments of the ATM may be 
operative to access a data store of user information. Such a data store may be used to 
retrieve information for automatically populating input fields of an electronic 
document being viewed and edited by the ATM. 

BRIEF DESCRIPTION OF DRAWINGS 

[0029] Figure 1 is a schematic view representative of a first exemplary embodiment of an 
ATM. 

[0030] Figure 2 is a schematic view representative of an exemplary embodiment of a 
system for storing and digitally signing electronic documents with an ATM. 

[0031] Figures 3-8 are schematic views representative of exemplary embodiments of user 
interface screens of an ATM. 

[0032] Figures 9-14 are schematic views representative of exemplary embodiments of 
ATM systems for digitally signing documents. 

[0033] Figure 1 5 shows a schematic view of a document signing system of a further 
exemplary embodiment. 

[0034] Figure 1 6 shows a top plan view of an exemplary embodiment of a portable 
machine that is operative to digitally sign electronic documents. 

[0035] Figure 1 7 shows steps for an exemplary embodiment of a method for signing 
electronic documents. 

[0036] Figure 1 8 shows a schematic view of a document signing system of a further 
exemplary embodiment. 

[0037] Figure 19 shows an exemplary embodiment of a user interface screen of an ATM. 

BEST MODES FOR CARRYING OUT INVENTION 

[0038] 

Referring now to the drawings and particularly to Figure 1 , there is shown therein 
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a schematic view of an exemplary automated transaction machine, ATM 10 of an 
exemplary embodiment. The ATM 1 0 may include at least one computer processor 1 2 
and a plurality of software components 1 1 . The computer processor 1 2 may be 
operative responsive to the software components 1 1 to control the operation of the 
ATM. In the exemplary embodiment the computer processor 1 2 may be operatively 
programmed to enable the ATM to perform at least one of the following functions: at 
least one banking transaction such as the dispensing of cash; the storage and retrieval 
of electronic documents; and/or the digital signing of electronic documents. 

[0039] To perform these functions the ATM may further include in operative connection 
with the computer processor 1 2, at least one output device 14 such as a display 
device 1 8, at least one input device 1 6, and a card reader 20 which also serves as an 
input device. In some embodiments, the ATM may also include in operative connection 
with the computer processor 1 2, one or more transaction function devices. 
Transaction function devices may include for example a cash dispenser 24, a 
depositor 22, a receipt printer 25 and other devices. The ATM 10 may further be 
operative to communicate with at least one financial transaction processing computer 
or system which is operative to carry out financial transfers and authorizations, which 
in this example is host banking system 30. ATM 1 0 also may be enabled to 
communicate with at least one storage server 32. In the exemplary embodiment the 
storage server 32 may be in operative communication with at least one data store 34. 
Also in an exemplary embodiment, the ATM 10 may be operative to communicate with 
the at least one storage server 32 through communication with the host banking 
system 30. 

[0040] | n Qne exemplary embodiment the storage server may be responsive to a plurality 
of ATMs 10 to securely store and maintain a plurality of electronic documents 42 in 
digital safe deposit boxes or accounts 40. Such digital safe deposit accounts may 
correspond to individual file storage locations on the data store 34. The electronic 
documents 42 may include for example digital representations of physical documents, 
word processing documents, HTML files, XML files, other markup language 
documents, Acrobat ® PDF files, spreadsheet files, digital certificates, image files, 
sound files, audio visual files, source code files, application specific storage files, 
electronic voting ballets, or any other type of digital file which is operative to store 
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information in a computer readable format. A user may establish one or more digital 
safe deposit accounts 40 and use an ATM 1 0 to store and maintain electronic 
documents 42 in association with his/her digital safe deposit account. 

[0041] The exemplary embodiment of ATM 1 0 may be operative to display the viewable 
contents of an electronic document on the display device 1 8 and enable a user to 
digitally sign the electronic document. In many digital signature algorithms, the signer 
must use secret information such as a private key to generate the digital signature. In 
one exemplary embodiment, a user's private key 44, may be stored in a user's digital 
safe deposit account or stored in association with a user's digital safe deposit account 
40. In exemplary embodiments, a user's private key 44 may further be stored in 
association with a user's financial account such as a credit card account, debit card 
account, checking account, savings account or any other financial account of the user. 
In addition, as will be further discussed below, exemplary embodiments of the ATM 
1 0 and/ or storage server 32 may be operative to digitally sign electronic documents 
using the private key 44 associated with the user's digital safe deposit account 40 
and/or a financial account. 

[0042] It should be understood that the ATM 1 0 is an exemplary embodiment and in 

other embodiments automated transaction machines may include other or additional 
devices and may operate in other types of systems. For example, embodiments may 
include in operative connection with the computer processor 1 2, a data store 
including a storage device drive 26, and a communication port 28 which serves as an 
input/output device. The storage device drive 26 serves as a data store and enables 
the computer processor to read and/or write electronic documents to an external 
source 56 such as portable storage medium 36. The communication port 28 enables 
the computer processor to read and/or write electronic documents to external sources 
56 such as a portable computing device 38 or a network accessible storage location 
58. 

[0043] 

Figure 2 schematically shows an exemplary embodiment of the ATM 10 that may 
be operative to store and maintain electronic documents 42 in a digital safe deposit 
account 40. The exemplary embodiment of the ATM 1 0 may include a display device 
18 such as a CRT monitor or LCD display. The display device may be operative 



App_ID=09683944 



Page 12 



responsive to the computer processor to output user interface indicia 46. The user 
interface indicia may include instructional outputs for operating the ATM as well as 
content indicia which are representative of lists of electronic documents that may be 
accessed by the ATM 1 0 or portions of an electronic document which are operative to 
be viewed on the display device 1 8. Some exemplary embodiments may further 
include other output devices 1 4 such as a sound system 1 9 that is operative to output 
audio content that corresponds to an electronic document. For example when an 
electronic document includes audio information such as an MP3 file, an ATM 1 0 may 
be operatively programmed to cause the sound system to output sound in response to 
the MP3 file. In addition, if the electronic document includes language information 
t such as text, an exemplary embodiment may include a speech synthesizer device or 

1 software that is operative to read the language information to a user by outputting 

I 

I spoken words through the sound system of the ATM 1 0. 

1 : 

S [0044] The exemplary embodiment of the ATM 10 may also include at least one input 

device 1 6 such as a keypad 50 or selection buttons 52. The input device(s) such as a 
\ keypad 50 and selection buttons 52 may enable users to enter operational inputs such 

!| as a personal identification number (PIN) corresponding to an account, an amount of 

tjj cash to withdraw, or a selection of a particular electronic document to view, store 

II and/or digitally sign. Some exemplary embodiments of the ATM 1 0 may further 
include a biometric reading input device 54 such as a fingerprint reader, iris scanner, 
retina scanner, voice recognition device, facial recognition reader or other device 
which is operative to enable a user to input user identifying biometric information. 
Such identifying biometric information may be used by an exemplary embodiment of 
the ATM 1 0 to further authenticate a user prior to enabling the user to perform 
transaction functions, access a digital safe deposit account, and/or digitally sign an 
electronic document. 

[0045] ]n exem p| ar y embodiments, the ATM may include other or additional types of 
input devices for entering information, such as a touch screen device, a speech 
recognition system, a track ball, and/or a digitizing signature pad 53. The digitizing 
signature pad 53 is operative to produce a digital representation or scan of a 
handwritten signature drawn on the pad 53 with a pen or an inkless stylus 55. Such a 
digitized scan of the handwritten signature may be captured by the ATM 1 0 and 
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integrated into electronic documents that are digitally signed by the ATM. 

[0046] As discussed previously, the ATM 1 0 may include a card reader 20. The card 

reader 20 may be operative to read indicia corresponding to account information or 
other information from a user's card. The card may be a bank card, credit card, debit 
card, gas card, merchant card, smart card, or other medium that is operative to store 
account data and/or other information which may be used to identify a user or their 
accounts. Such account data may include an account number of a checking, savings, 
debit, credit, or other banking or financial account. Such account data may further 
include data representative of a digital safe deposit account of the user. 

[0047] In one exemplary embodiment, a digital safe deposit account, a private key 44, 
and/or a digital certificate 45 may be associated with a financial account 48 of the 
user. When the user uses the exemplary ATM 1 0 with a card associated with the 
financial account 48, the exemplary ATM may be operative to automatically provide 
the user with access to the user's associated digital safe deposit account 40, private 
key 44, and/or digital certificate. For example, when a user inserts a credit or debit 
card in the card reader 20, the exemplary ATM may be operative to read the credit or 
debit account number from the card. This number may be used by the ATM to access 
the financial account through communication with the host banking system 30. In one 
exemplary embodiment, the private key of the user may be directly associated with 
the financial account of the user and the ATM is operative through communication 
with the host banking system to cause an electronic document to be digitally signed 
responsive to the private key associated with the financial account. In some 
embodiments, the user's digital safe deposit account 40 may be associated with the 
user's financial account 48 and the ATM may be operative to receive access to the 
digital safe deposit account 40 through communication with the host banking system. 

[0048] 

An exemplary embodiment of the ATM 1 0 may be operative to dispense a selected 
amount of cash to the user from the cash dispenser 24, and to debit a banking or 
financial account through communication with a financial transaction computer such 
as the host banking system 30. The exemplary ATM 10 may be configured to debit 
user fees from a financial account of the user for storing, viewing, and digitally 
signing electronic documents with the ATM. The ATM may further be configured to 
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debit user fees from a financial account of a further party or entity which may be 
associated with the electronic document being viewed, stored, and/or digitally signed 
by the ATM. 

[0049] The exemplary embodiment of the ATM 1 0 may include a storage device drive 26 
such as a CD drive which is operative to accept a portable storage medium 36 such as 
a read-only, write-once or rewriteable CD. The exemplary embodiment of the ATM 1 0 
is operative to cause the storage device drive 26 to read electronic documents from 
the portable storage medium 36. The read electronic documents may be viewed on 
the display screen 1 8 of the ATM 1 0 and/or transferred to a digital safe deposit 
account 40, In addition the exemplary ATM may further be operative to retrieve 
electronic documents stored in the digital safe deposit account 40, view them on the 
display device 1 8 and/or cause the storage device drive 26 to record the electronic 
document to the portable storage medium 36. Examples of other types of storage 
device drives that may be used with embodiments include portable hard drive readers 
such as an Iomega Jaz ® drive; magneto optical drives such as an Iomega Zip ® drive; 
flash memory drives for writing to flash memory devices such as CompactFlash and 
Sony Memory Stick ® ; DVD drives, Mini-CD drives, and digital tape drives. 

[0050] Some embodiments may include one or more communication ports 28 that are 

operative to retrieve and record electronic documents to a portable computing device 
such as a mobile phone 38 or a network accessible storage location 58 associated 
with a customer selected or inputted URL, e-mail address, or other network address. 
Examples of suitable communication ports 1 8 may include a Universal Serial Bus (USB) 
port, a serial RS-232 port, parallel port, an infrared (IR) port, a radio frequency (RF) 
port such as Bluetooth, an IEEE-1 394 port, or a network port such as a wired Ethernet 
or wireless Ethernet (IEEE-802.1 1 x) connection. Examples of other types of portable 
computing devices that may be accessed with embodiments of the ATM 10 include a 
portable computer such as a notebook computer and a personal digital assistant 
(PDA). 

[0051] 

The exemplary embodiment of the ATM 1 0 may further include a fascia 59 
through which the one or more of the input devices, display devices, and transaction 
function devices are accessible to a user. The ATM 1 0 may further include a visible 
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indicia 57 adjacent the fascia 59 of the ATM, visible on the display screen or otherwise 
communicated to a user of the machine. The visible indicia 57 may include a logo, 
design, or text that serves as a source indicator mark for a digital signature service or 
network. Such a mark may correspond to a service mark of the entity that operates the 
servers, data stores, host systems, and/or network through which the ATM 1 0 
communicates to produce electronic signatures for an electronic document displayed 
by the ATM 1 0. Such indicia may be visually similar to indicia on a card of the user, so 
that the user can quickly determine that the ATM is capable of digitally signing 
documents using the card of the user. Such indicia may also serve to confirm to the 
user that the ATM is associated with a third party and independent digital signature 
yj service or network that can be trusted to accurately display the electronic document 

{a and to secure| y digitally sign the electronic document for the user. 

i| [0052] Figures 3-8 show examples of user interface screens of an exemplary 

II embodiment of the ATM 1 0. Figure 3 shows an example of a user interface screen 1 00 

L which ATM 1 0 may be operative to cause to be output through the display device 1 8. 

lij In one exemplary embodiment user interface screen 100 may be displayed after a user 

J=j activates the ATM 1 0 by placing a card into card reader 20 and inputting a PIN into the 

13 keypad 50. User interface screen 1 00 may include a plurality of user selectable 

h} functions 102 which include the option of withdrawing cash 104 from the cash 

dispenser 24; the option of depositing a check 1 06 with the depositor 22; the option 
of transferring value between accounts 108; and the option of viewing an electronic 
document 1 1 0 with display device 1 8. Each of these selectable functions 1 02 may be 
adjacent a different selection button 52, which when pressed are operative to cause 
the ATM 10 to proceed with the corresponding function 102. 



[0053] 



In one exemplary embodiment, when a user selects the option to view an 
electronic document 1 1 0, the exemplary ATM 1 0 may be operative to cause the user 
interface screen 1 20 shown in Figure 4 to be output through the display device 1 8. 
Here the user interface screen 120 may include a plurality of selection functions 122 
which correspond to different sources for retrieving electronic documents to view. In 
the presently described example, selection functions 122 may include the option to 
select electronic documents from a digital safe deposit account 1 24; the options 126- 
1 30 for selecting electronic documents from the external sources of a zip disk, local 
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network which may include portable computing devices such as the user's PDA, and a 
secure internet/ intranet site. 

In response to a user selecting one of these electronic document sources, an 
exemplary embodiment of ATM 1 0 may be operative to cause the output of the user 
interface screen 140 shown in Figure 5. The user interface screen 140 may include a 
listing of electronic documents 142 that the ATM 10 has determined are present at 
the electronic document source selected with user interface screen 1 20. In response 
to a user selecting one of the listed electronic documents 142, an exemplary 
embodiment of the ATM 1 0 may be operative to cause the selected electronic 
document to be viewed through the display screen 1 8. Figure 6 is representative of an 
example of a user interface screen 1 60 which includes indicia representative of a 
selected automobile loan electronic document 162. 

Exemplary embodiments of the ATM 10 may further include functionality for 
enabling the user to edit the displayed electronic document 1 62. For example in one 
exemplary embodiment, the ATM 10 may include software components for displaying 
through the output device 1 8 electronic documents which include HTML, DHTML, XML, 
Active X, .Net objects, plugins, Java script, and/or Java applets associated with the 
electronic document. Such features may generate input or selection fields on the 
display device, which can be completed or modified by operating the input devices of 
the ATM 10. 

[0056] 

To further aid a user with the completion of fields in an electronic document, an 
exemplary ATM may further be operative to retrieve relevant information for 
completing input fields of an electronic document from a data store of stored user 
information. The stored user information may be associated with the user's financial 
account and/or digital safe deposit account. The exemplary ATM may use the stored 
user information to automatically complete input fields of an electronic document. For 
example, the electronic document may include an input field labeled 
u ship_to_address." The stored user information may include address information 
which is associated with the description "shipjto.address." The exemplary ATM may 
be operative to retrieve matching user information from the data store and insert the 
matching user information in the input fields of the electronic document. When the 
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user manually inputs information into an electronic document, exemplary 
embodiments of the ATM may further be operative to store the inputted information 
in the digital safe deposit account or other data store for later use with completing 
similarly labeled fields. 

[0057] Once a user has completed reviewing and/or editing an electronic document, the 
exemplary embodiment of the ATM 1 0 may be operative to display a further user 
interface screen 1 70 as shown in Figure 7. User interface screen 1 70 may include a 
plurality of selectable functions 1 72 including the option to review the electronic 
document 1 74; the option to digitally sign the electronic document 1 76; the option to 
send the electronic document to another location 1 78; and the option of deleting the 
electronic document 1 80. In the described embodiment of ATM 1 0, the option to 
delete an electronic document 1 80 may be generally available when viewing an 
electronic document located in the user's digital safe deposit account. 

[0058] When a user selects the option to digitally sign an electronic document 1 76, the 
exemplary embodiment of the ATM 1 0 may be operative to have a digital signature 
generated and attached to either the original or a copy of the electronic document. 
Exemplary embodiments may be operatively programmed to generate a digital 



y signature using any digital signature algorithm and protocol. Examples of digital 

fIJ 

signature cryptography algorithms available for use with the present invention may 
include RSA and DSA. In the exemplary embodiment an electronic document may be 
signed using a private key associated with the user. The digital signature may be 
verified at a later time by using a public key of the user which corresponds to the 
private key. Such a public key may be retrieved from a digital certificate of the user, in 
exemplary embodiments, the ATM may be operative to cause the digital certificate 
associated with the user to be attached to the electronic dorument when the 
electronic document is digitally signed. Also the ATM may be operative to cause the 
digital certificate associated with the certificate authority that signed the user's digital 
certificate to be attached to the electronic document. 



[0059] 



For a digital signature to correspond to a legally binding signature of the user, the 
user may need to show his/her manifestation of intent to use a digital signature as a 
legally binding electronic signature. As a result, exemplary embodiments of the ATM 
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10 may provide additional user interface screens which require a user to affirmatively 
show such a manifestation of intent to create a legally binding electronic signature. 
For example, as shown in Figure 1 9, the ATM may output a user interface screen 1 82 
which prompts the user to make an affirmative confirming input with an input device, 
that represents the intent of the user to create a legally binding electronic signature. 

Some exemplary embodiments of the ATM 10 may cause a declaration to be 
attached to the electronic document that includes a statement that the user has 
affirmatively shown his intent to create a legally binding electronic signature with the 
generation of the digital signature. The ATM 1 0 may further cause such a statement 
and/or the entire electronic document to be digitally signed or digitally notarized by a 
further entity which affirms that the user provided an input to the ATM which 
represents the user's intent to create a legally binding electronic signature. The 
declaration and/or the electronic document may also be associated with a digital time 
stamp representative of the time the intent of the user was shown and/or when the 
digital signature was created. Such a digital time stamp may be obtained by the ATM 
communicating with a digital time stamping server. 

In some exemplary embodiments, the ATM 1 0 may prompt the user to hand write 
his/her signature on a digitizing signature pad. The ATM 1 0 may generate a digitized 
representation or scan of the handwritten signature in the form of a bitmap or vector 
drawing. The digitized representation of the written signature may then be 
incorporated into the electronic document by the ATM. A displayed or printed view of 
the electronic document may then include a visual representation of the customer's 
written signature. 

[0062] 

When a user selects the option of sending an electronic document to another 
location 1 78, one exemplary embodiment of the ATM 1 0 may be operative to generate 
the user interface screen 1 90 as shown in Figure 8. User interface screen 1 90 may 
include a plurality of selection functions which correspond to different locations 1 92 
to send a copy of the original or signed electronic document. In the presently 
described example, the selection functions 1 92 may include the option to send the 
electronic document to the digital safe deposit account 1 94, the options 1 96-200 to 
send the electronic document to the external sources of a zip disk, local network, and 
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a secure internet/intranet site. 



[0063] In one exemplary embodiment, the digital safe deposit account is associated with 
the private key of the user. In such embodiments the exemplary ATM 1 0 may include 
further user interface screens which enable a user to generate a private and public key 
set which may be associated with and/or stored in the user's digital safe deposit 
account. The private key may be used by the exemplary embodiment to sign 
electronic documents for the user. 

[0064] Referring back to Figure 1 , exemplary embodiments of the ATM 1 0 may further be 
in operative connection with a certificate authority 60. The exemplary ATM 1 0 may be 

£9 

# operative to communicate with a certificate authority for purposes of creating a digital 

^ certificate such as an X.509 certificate which may be attached to the electronic 

|=| document for purposes of authenticating the digital signature created by a user. The 

J exemplary ATM 1 0 may be operative to send the certificate authority information 

*S which identifies the user and a copy of the user's public key. In response, the 

q certificate authority may be operative to generate and return a signed digital 

pj certificate which includes the identifying information and the user's public key. The 

|f! digital certificate may then be attached to the electronic document by the ATM 1 0, 

'if '"1 ' 

jjj stored in association with or in the user's digital safe deposit account and/or sent to 

an external source selected by the user. The ATM 1 0 may also receive a copy of the 
digital certificate associated with the certificate authority that issued and signed the 
user's digital certificate. Such a digital certificate of the certificate authority may also 
be attached to the electronic document, stored in association with or in the user's 
digital safe deposit account and/or sent to an external source selected by the user. 

[0065] 

Figures 9-14 are schematic views of a plurality of different embodiments. Figure 9 
shows an exemplary embodiment of an ATM 300 that may be operative to 
communicate with one exemplary embodiment of a storage server 302. Here the 
storage server may be operative to securely store private keys 304 associated with a 
plurality of different users. The exemplary private keys may be stored in association 
with digital safe deposit accounts and/or financial accounts such as a checking or 
savings account. In this described embodiment the ATM 300 may be operative to send 
an electronic document 306 associated with a user using the ATM 300 to the storage 



App_ID=09683944 



Page 20 



server 302. The storage server includes digital signature software 308 which may be 
operative to generate a digital signature 31 0 for the electronic document 306 using 
the private key 304 associated with the user, The storage server may then attach the 
digital signature to the electronic document and return the signed electronic 
document to the ATM 300 or the storage server may only send the digital signature 
3 1 0 to the ATM 300. The exemplary ATM 300 may then attach the digital signature 
310 to the electronic document 306 and forward the signed electronic document to a 
selected destination location chosen by the user. 

[0066] In the exemplary embodiment, the digital signature software may include the RSA 
algorithm. However in some exemplary embodiments, the digital signature software 
may include other or additional digital signature software/hardware. In embodiments 
where the server includes more than one type of digital signature software/ hardware, 
the exemplary ATM 300 may be operatively programmed to enable users to select the 
type of digital signature they would like the ATM to generate for the electronic 
document. 

[0067] Figure 1 0 shows an exemplary embodiment of an ATM 320 that may be operative 
to communicate with an exemplary embodiment of a storage server 322. Here the 
storage server 322 may also be operative to securely store private keys 324 
associated with a plurality of different users. However, in this described embodiment, 
rather than sending the storage server 322 a complete copy of the electronic 
document 326, the exemplary ATM 320 may be operative to generate and send the 
storage server 322 a one-way hash 332 of the electronic document 326. The 
exemplary ATM 320 may include one or more one-way hash algorithms 334 which 
correspond to the digital signature protocols which the user wishes to use for signing 
his electronic document. For example, for generating digital signatures, exemplary 
one-way hash algorithm 334 of ATM 320 may include the one-way hash functions 
MD5 or SHA. 

[0068] 

Here the storage server 322 may include one or more encryption and/or digital 
signing algorithms 328 such as RSA which are operative to generate a digital 
signature 330 for the electronic document 326 using the one-way hash 332 and the 
private key 324 associated with the user. The storage server may then return the 
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digital signature 330 to the ATM 320 and the ATM 320 may attach the digital 
signature 330 to the electronic document 326. 

[0069] Figure 1 1 shows an exemplary embodiment of an ATM 340 that may be operative 
to communicate with an alterative exemplary embodiment of a storage server 342. 
Here the storage server 342 may also be operative to securely store private keys 344 
associated with a plurality of different users. However, in this described embodiment, 
the storage server 342 may be operative to securely send a private key of a user to the 
ATM 340. The exemplary ATM 340 may include digital signature software 348 which 
is operative to cause the ATM 340 to generate a digital signature 350 for an electronic 
document 346 of the user operating the ATM 340. 

■J [0070] Figure 1 2 shows an exemplary embodiment of an ATM 400 that may be operative 
to communicate with a portable computing device 402 associated with a user such as 
a smart card, PDA, or mobile phone. Here the portable computing device 402 may 
include at least one private key 404 associated with the user. In this described 
embodiment, after the user has viewed an electronic document 406 associated with 
the user, the ATM 400 may be operative to send the electronic document 406 to the 
portable computing device 402. The exemplary portable computing device may 
include digital signature software 408 which is operative to generate a digital 
signature 410 for the electronic document 406 using the private key 404 stored on 
the portable computing device. The portable computing device 402 may then attach 
the digital signature 410 to the electronic document 406 and return the signed 
electronic document to the ATM 400 or the portable computing device may only send 
the digital signature 41 0 to the ATM 400. The exemplary ATM 400 may then attach 
the digital signature 41 0 to the electronic document 406 and forward the signed 
electronic document to a selected destination location chosen by the user. 

[0071] 

Figure 1 3 shows an exemplary embodiment of an ATM 420 that may be operative 
to communicate with a portable computing device 422. Here the portable computing 
device 422 may also include at least one private key 424 of the user. However, in this 
described embodiment, rather than sending the portable computing device 422 a 
complete copy of the electronic document 426, the exemplary ATM 420 may be 
operative to generate and send the portable computing device 422 a one-way hash 
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432 of the electronic document 426. The exemplary ATM 420 may include one or 
more software components with one-way hash algorithms 434 that correspond to the 
digital signature protocols which the user wishes to use for signing his electronic 
document 426. Using the one-way hash algorithms 434, the ATM 420 may be 
operative to produce a one-way hash 432 of the electronic document 426 and forward 
the one-way hash 432 to the portable computing device 422. 

[0072] The exemplary portable computing device 422 may include one or more 

encryption and/or digital signing algorithms 428 which are operative to generate a 
digital signature 430 for the electronic document 426 using the one-way hash 432 
and the private key 424 associated with the user. The portable computing device 422 
may then return the digital signature 430 to the ATM 420 and the ATM 420 may 
attach the digital signature 430 to the electronic document 426. 

[0073] Figure 1 4 shows an exemplary embodiment of an ATM 440 that may be operative 
to communicate with an exemplary portable computing device 442. Here, the portable 
computing device 442 may include at least one private key 444 of the user. However, 
in this described embodiment, the portable computing device 442 may be operative to 
securely send the private key 444 of a user to the ATM 440. The exemplary ATM 440 
may include digital signature software 448 which is operative to cause the ATM 440 to 
generate a digital signature 450 for an electronic document 446 of the user operating 
the ATM 440. 

[0074] 

Referring back to Figure 1 , the exemplary storage server 32 may be operative to 
maintain an access log 62 in association with the digital safe deposit account 40 
and/or the financial account 48 of the user. The exemplary storage server 32 may be 
operative to store in the access log 62 a record of each attempted access of a user's 
digital safe deposit account 40 and/or use of the private key 44. If an imposter gains 
access to a user's digital safe deposit account and/or private key, the exemplary 
access log may be used to determine when and where the unauthorized access 
occurred. The exemplary access log may further include a record of which electronic 
document was signed by the system. The record for example may include the one- 
way hash of the electronic document. If an imposter uses the present exemplary 
system to digitally sign an electronic document, the access log may be reviewed to 
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determine what document may have been forged. 



[0075] Some exemplary embodiments of the ATM may be operative to encrypt electronic 
documents stored in the digital safe deposit account using a symmetrical encryption 
algorithm such as DES and a secret key. The exemplary ATM may be operative to 
enable a user to generate a secret key for encrypting electronic documents from a 
password or from biometric information inputted by the user into the ATM. To decrypt 
the electronic documents, the exemplary ATM may be operative to regenerate the 
secret key by prompting the user to re-enter the password and/or biometric data. 

[0076] In addition to causing an electronic document to be signed, an alterative 

exemplary embodiment of an ATM may be operative to digitally sign, notarize and/or 
cosign an electronic document using a private key associated with the ATM, storage 
server, digital signature service/ network, or a third party. For example, in addition to 
enabling a user to digitally sign an electronic document using his private key, the 
exemplary ATM may also cause the electronic document to be further digitally signed 
using a further private key not associated with the private key of the user. Such a 
further private key may be associated with an authorized notary public, a digital 
signature service, or another party to a transaction which is associated with the 
electronic document. The exemplary ATM may further attach the digital certificate 
associated with the further private key to the signed electronic document. Such a 
digital certificate can be used to verify the authenticity of the second digital signature. 
Also the digital certificates associated with the certificate authorities which issued and 
signed either or both of the user's digital certificate and a digital certificate of the 
notary public or other party may also be attached to the electronic document. 

[0077] 

In an exemplary embodiment, the ATM may be operative to attach a digital time 
stamp to the electronic document by including the current date and time in the 
electronic document prior to the electronic document being digitally signed by the 
user of the ATM. In some exemplary embodiments, the ATM may be operative to 
cause an electronic document to be digitally time stamped by a document time 
stamping entity or server. For example, the exemplary ATM may send a one-way hash 
of the electronic document to a time stamping entity. That time stamping entity would 
be operative to attach time data representative of the date, time and time zone at 
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which the time stamping entity received the one-way hash. The time stamping entity 
may then digitally sign the one-way hash and time data with a private key of the time 
stamping entity to form a digital time stamp. This digital time stamp may then be 
returned to the ATM along with a digital certificate of the time stamping entity. The 
ATM may then attach the digital time stamp and the digital certificate of the time 
stamping entity to the electronic document. In some embodiments, the digital time 
stamping entity may correspond to the same entity, service, or network that is 
operative to produce the digital signature for the user of the ATM. 

[0078] Figure 1 5 shows an example of a document signing system of one exemplary 
4! embodiment. Here the system 500 may include at least one ATM 510 that is operative 

61 to display and digitally sign electronic documents. The ATM 5 1 0 may further be 

a. ■ 

|7j operative to communicate with one or more servers 508 including servers associated 

M?? with a financial transaction processing system, host banking system, document 

j; processing system, or a digital signature service or network. 

U [0079] In addition the ATM 510 may be operative to receive electronic documents from at 

III 

CS east one P ersonal computer (PC) 512 or other computing devices through a wired or 

VJ : ---. wireless network 516. In this described embodiment, ATM 510 may include or be in 

D 

f|J operative connection with a shared or externally accessible network drive 514 that is 

operative to store incoming and outgoing electronic documents. Such a shared 
network drive may be segregated into one or more locations such as an "in-box" and 
an "out-box" storage area. 

[0080] 

The PC 512 may selectively be given permission to access the shared network 
drive 514 or a portion of the shared network drive such as an "in-box" associated with 
the ATM 510. Electronic documents created by the PC 51 2 may then be saved, 
exported and/or sent to the shared network drive 514 of the ATM 510. A user 
operating the ATM 510 may select commands of the ATM which cause the ATM to 
display and digitally sign electronic documents stored in the shared network drive 
514. Digitally signed versions of the electronic document may then be saved, 
exported, or sent to the shared network drive 5 1 4 or a portion of the shared network 
drive such as an "out-box" of the shared network drive 5 1 4. The PC 5 1 2 or another 
computing device may then retrieval the signed document from the shared network 
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drive 514. The ATM 510 may also be in operative connection with a printer 518 and 
may include selectable options for printing the digitally signed electronic document to 
the printer. 



[0081] Exemplary embodiments of the ATM 510 may include transaction function devices 
such as a cash dispenser and a depository device which enable the ATM to perform 
other types of transaction functions such as the dispense of cash and the deposit of 
checks. However, some exemplary embodiments of the ATM 510 may be configured 
in a different form such as a portable form which does not dispense cash or receive 
deposited checks. An example of such a portable form of an ATM is shown in Figure 
16. Here the exemplary embodiment of the portable ATM 520 may include a magnetic 
1 swi P e card reader 522 or other card reader, a display screen 524, and a digitizing 

signature pad 526. The exemplary ATM 520 may further include function keys 528 for 
providing inputs to the ATM. Further exemplary embodiments of the display screen 
524 may include a touch screen for providing inputs to the ATM and a communication 
device 527 such as a wireless or wired network interface. 

| [0082] Referring back to Figure 15, the exemplary embodiment of the ATM 510 may be 

J used by organizations which wish to offer users the ability to safely and securely 

1 

I digitally sign electronic documents. Such organizations may include banks, mortgage 

companies, title companies, S&Ls, insurance companies, car dealerships, leasing 
companies, universities, hospitals, government agencies, or any other organization 
that generates documents which require signatures by their customers. The 
exemplary ATM 5 1 0 provides the customers or clients of the organization or other 
users with a convenient method to view and digitally sign electronic documents. 

[0083] 

Figure 1 7 shows exemplary steps involved with the operation of the system 500. 
Here the method steps are described with respect to a car dealership; however, it is to 
be understood that the exemplary steps may also apply to any organization, entity, 
group or individual that wishes to have users digitally sign electronic documents. The 
method may begin in step 600 with a finance manager or other member of the 
organization preparing electronic documents which correspond to a car loan. Such an 
electronic document may include a word processing document, an Acrobat ® PDF 
document, extensible Markup Language (XML) document, or any other type of 
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document which may electronically represent a car loan. 

[0084] In an exemplary embodiment, the electronic document may conform to a 

standardized loan format. Such a format may include standardized XML tags which 
describe information about the Lendor, Lendee, and terms of the loan. Such tags may 
include for example the names and addresses of the parties, the loan amount, the 
loan duration, the interest rate and any other term or category of information that 
may be part of the loan. Once the document is created, the finance manager in step 
602 may save the electronic document to a storage location that is accessible to the 
ATM. For example, the finance manager may save the electronic document to the "in- 
box" associated with the ATM. 

[0085] In busy organizations which may process loan applications concurrently, multiple 
ATMs may be available for saving the electronic document. In such cases, the shared 
network drive may be associated with the name or identification of the particular ATM 
which is operative to access the electronic document from the shared network drive. 
Once the electronic document is saved to the storage location, the finance manager 
may direct the customer to begin using the particular ATM which is operative to 
retrieve the electronic document. 

[0086] Once the customer has access to the ATM, the customer may follow the 

instructions displayed through the display screen of the ATM. If the customer already 
has a digital safe deposit account, digital certificate, and/or private key associated 
with a financial account, the customer may be prompted by the ATM to insert or swipe 
a card that is associated with the digital safe deposit account, digital certificate, 
and/or private key. For example if the customer has a checking account or a credit 
card which is associated with a digital safe deposit account, the customer may in step 
604 insert or swipe his/her checking ATM card or credit card within the card reader of 
the ATM. 

[0087] )n response) the ATM may be operatjve to read the f jnancia | account number 
associated with the card in step 606 with the card reader and request that the 
customer input a PIN. In step 608 the customer may input a PIN through a keypad or 
through a touch screen which may be configured to display a visual representation of 
a keypad. In one exemplary embodiment, the PIN may correspond to the 4 digit PIN 
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associated with the customer's financial account, in other exemplary embodiments, 
the PIN may correspond to a different password stored in association with the 
customer's digital safe deposit account, digital certificate, and /or private key. Such a 
password may include four or more digits and/or alphanumeric characters. In other 
embodiments the ATM may prompt the user to provide biometric data as a password 
through use of a biometric reading device of the ATM. 

[0088] For ATMs that are operative to perform many different types of transaction 

functions, the ATM may display a user interface screen similar to screen 1 00 of Figure 
3 after the customer inputs a PIN. As discussed previously, user interface screen 100 
may include selectable functions 1 02 for withdrawing cash, depositing a check, 
transferring value between accounts, and viewing an electronic document. For ATMs 
such as the portable ATM 520 of Figure 1 6, the ATM may immediately retrieve the 
electronic document stored in the "in-box" associated with the ATM and display a user 
interface screen similar to screen 1 60 of Figure 6. If more than one electronic 
document is present in the "in-box" the ATM may display a listing of available 
electronic documents to choose from. In each case the exemplary ATMs may be 
operative to retrieve an electronic document in step 61 0 from the storage location and 
display a visual representation of the document in step 612. 

[0089] The customer may read through the document being displayed and make any 
necessary inputs of information that the electronic document may require. For 
example, the electronic document may include clauses which require a customer to 
affirmatively agree thereto. Such clauses may include user interface elements such as 
a checkbox, entry fields, and/or drop down list boxes which can be 
checked/unchecked, edited, and/or selected with the input devices of the ATM. 

[0090] 

Once the document has been reviewed and updated with any necessary customer 
supplied information, in step 614 the customer may provide an input representative of 
a command to digitally sign the electronic document. In response, the ATM may in 
step 61 6 prompt the customer to provide a further input that is representative of a 
confirmation by the customer that the digital signature is intended to be the 
customer's legally binding signature. For ATMs that include a digitizing signature pad, 
this confirming input may include having the customer draw his/her handwritten 
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signature on the digitizing signature pad. The digital scan of the handwritten 
signature may then be integrated into the electronic document prior to digitally 
signing the document. 

[0091] In response to receiving a confirming input, the ATM in step 61 8 may cause the 
electronic document to be digitally signed using a private key associated with the 
financial account read from the customer's card. Once the document has been 
digitally signed it may be associated with one or more digital certificates including the 
digital certificate associated with the financial account. Such a digital certificate 
includes the customer's public key which can be used to verify the digital signature on 
the electronic document. In other embodiments, the electronic document may include 
a serial number and/or a reference to an entity, address or URL where the customer's 
digital certificate may be retrieved to verify the digital signature. In some 
embodiments, the digital certificate of the certificate authority which issued and 
signed the user's digital certificate may be associated with the electronic document. 

[0092] Once the electronic document has been digitally signed, the ATM in step 620 is 
operative to send the signed electronic document to one or more specified output 
addresses. Such a specified output address may include the original storage location 
where the ATM retrieved the unsigned electronic document. Such a specified output 
address may include a portion of shared network drive which corresponds to an 
electronic "out box." Such a specified output address may correspond to a network 
address, e-mail address, data base, URL, or any other external storage location or 
communication system which is operative to receive an electronic document. For 
example, in one exemplary embodiment the specified output address may include a 
URL of a document processing server. For example, if the electronic document 
corresponds to a car loan, the specified output address may be a document 
processing server of a bank that is lending money to the customer to buy the car. 

[0093] 

Such a document processing server may verify the digital signature of the 
electronic document. If the signature is valid, the document processing server may 
parse the XML tags of the electronic document to determine the name and address of 
the party and the terms of the loan. Such information may then be integrated into the 
loan processing system of the bank to establish a loan account and to initiate 
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processes necessary to collect payments from the customer. In other exemplary 
embodiments, the specified output address may correspond to a loan processing 
system that is operative to securitize the loan for resale to another bank or other 
entity. In other exemplary embodiments, the specified output address may correspond 
to any system that is operative to store and/or process the signed electronic 
document. 

[0094] In one exemplary embodiment the specified output address may be a configurable 
parameter within the ATM. In other exemplary embodiments, the specified output 
address may be determined by the ATM from a parameter of the electronic document. 
For example, the electronic document may include an XML tag which includes an 
address for the specified output address. In exemplary embodiments where the 
- customer's financial account is associated with a digital safe deposit account, the ATM 
may further cause a copy of the signed electronic document to be stored in the 
customer's digital safe deposit account which may be associated with the customer's 
financial account. 

[0095] |n the exemp | ary embodiment, the ATM in step 622 may cause a digital signature 
processing fee to be assessed to a party associated with the electronic document. The 
exemplary ATM is operative to cause a financial transaction processing system such as 
a host banking system or other server to record information associated with the 
processing fee in a database, log, or journal for immediate or delayed settlement. In 
an exemplary embodiment, the processing fee may be charged to the financial 
account associated with the customer's card. In other exemplary embodiments, the 
processing fee may be charged to an account associated with the organization that 
prepared the unsigned electronic document. For example, the ATM may include a 
configuration parameter that corresponds to a financial account that may be assessed 
processing fees. In the case of a car dealership for example, the configuration 
parameter may include an account number associated with the car dealership or the 
bank providing the loan. In step 622 the ATM or the digital signature service or 
network servers associated with the ATM may communicate with a financial 
transaction processing system such as a host banking system to charge the 
processing fees to the account. In an exemplary embodiment, the electronic document 
may include an account number that is to be assessed the processing fees. For 
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example the electronic document may include an XML tag for a fee processing 
account. 

[0096] Also in some exemplary embodiments, the ATM may contact a financial 

transaction processing system such as a host banking system or other server to 
authorize the assessing of the processing fee to an account prior to digitally signing 
the document in step 61 8 or prior to sending the signed electronic document to a 
specified output address in step 620. If the account does not have sufficient funds to 
pay for the processing fee or otherwise is not able to accept a charge of a processing 
fee, the ATM may be operative to cancel the signing of the electronic document. The 
ATM may then output a visual message through the display screen of the ATM that 
indicates that the electronic document cannot be digitally signed. 

[0097] The specified output address may correspond to a storage location that is 

accessible to the organization which created the unsigned document. For example, 
with reference to a car dealership, the specified output address may include the 
network drive which is accessible to the finance manager. The manager may then 
cause the electronic document to be printed out so that a hard copy view of the 
electronic document may be given to the customer. In other embodiments, the ATM 
may be in operative connection with a printer and may include a selectable option for 
printing out a hard copy of the electronic document. 

[0098] In some exemplary embodiments where the electronic document was previously 
signed by one or more further parties, the ATM may include the step of validating the 
signature of the further party prior to enabling a user to digitally sign the electronic 
document. In the case of a car dealership for example, the finance manager may 
digitally sign the car loan prior to the ATM accessing the electronic document. The 
digital signature of the car dealership may be verified by the ATM prior to enabling the 
user to digitally sign the car loan. In such cases the electronic document may include 
the digital certificate associated with the further parties such as the car dealership. 
The electronic document may also include the digital certificates of the certificate 
authorities which signed the digital certificates of the further parties. 

[0099] jn the prev j 0us |y described embodiment, a financial account card of the customer 
was previously associated with the customer's digital safe deposit account, digital 



App_ID=09683944 



Page 31 of 63 



certificate, and/or private key. The exemplary embodiment may include a method for 
providing financial account cards with the ability to digitally sign electronic documents 
at an ATM. For example, a credit card issuer such as a bank may have a plurality of 
credit card accounts. As the credit card business tends to be highly competitive, 
adding a digital signing capability to the credit cards of the bank's customers may 
provide an additional incentive for the customer to carry and use the bank's issued 
credit cards. 

[0100] This described embodiment of the method may include the bank or other entity 
creating individual digital certificates, public/private key pairs, and/or digital safe 
deposit accounts for a plurality of pre-existing financial accounts such as credit card 
accounts or other financial accounts. Such individual digital certificates, public/private 
key pairs, and/or digital safe deposit accounts may be stored in association with each 
of the financial accounts on one or more servers operated by the bank or a digital 
signature service or network. 

[01 01] Figure 1 8 shows a schematic view of an exemplary embodiment of a system 700 
that may be operative to carry out this described method. Here the system 700 
includes a plurality of banks 702, 704 , or other financial organizations. Each of the 
banks includes a plurality of financial accounts 706, 708 such as credit card accounts. 
For each of these accounts, the banks may have a digital signature service or network 
entity 710 manage a digital certificate, public/private key pair, and/or digital safe 
deposit account in one or more storage servers 71 2. 

[0102] 

The exemplary embodiment of the digital signature service or network 710 
includes or is in operative communication with a host system 71 4. The host system is 
operative to provide a plurality of ATMs 716 with access to the services of the digital 
signature network 71 0. Such services may include for example the digital signing of 
electronic documents and the storage of electronic documents in digital safe deposit 
accounts. As discussed previously, customers of the banks 702, 704 may use their 
credit cards or other cards associated with financial accounts to cause an ATM to 
digitally sign electronic documents. The processing fees acquired from the signing of 
electronic documents may be transferred or assessed to at least one of the entities 
that operates the digital signature network and the banks or other card issuers. In one 
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exemplary embodiment, the processing fees may be split between the entity that 
operates the digital signature network and the banks or other card issuers. 

[01 03] To advertise that the financial accounts of the customers may be used to digitally 
sign electronic documents, the described exemplary method may include marking or 
branding the cards issued by the bank with a logo, design, or mark which indicates 
that the card may be used to digitally sign electronic documents. Such a logo may be 
a source indicator mark such as a trademark/service mark for the digital signature 
network 71 0. In addition, to enable a customer to more easily locate the ATMs 71 6 
which may be used to sign electronic documents, the ATMs 71 6 may include or output 
a matching logo. For banks or other entities with a large number of preexisting 
financial accounts such as credit cards, the exemplary embodiment of the presently 
described method may include mailing replacement credit cards to the customers 
which include a mark such as a logo which indicates that the card may be used to 
digitally sign electronic documents. In one exemplary embodiment, the customers 
may use the PIN previously associated with their financial account to access an ATM 
for purposes of digitally signing an electronic document. In other exemplary 
embodiments, the bank may supply the user with a separate password for use with 
accessing the services of the digital signature network. 



[0104] 



In some exemplary embodiments, the ATM may be operative to cause a new 
digital certificate to be created for a user for use with signing an electronic document. 
For example, if the user does not have a previously issued digital certificate, 
public/private key pair and/or digital safe deposit account associated with a smart 
card, portable computing device, financial account, credit card, and/or digital safe 
deposit account, the exemplary ATM may be operative to provide the user with a 
digital certificate, public/private key pair, and/or digital safe deposit account. In some 
exemplary embodiments, the ATM may enable the user to forward the newly created 
digital certificate to a smart card, portable storage medium, portable computing 
device, networked storage location, or other user selectable storage location or 
address for use in signing electronic documents in the future through the exemplary 
ATM or other digital signature software and devices. As will be discussed below, in 
some exemplary embodiments the ATM may enable a user to associate the newly 
created digital certificate, public/ private key pair, and/or digital safe deposit account 
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with a card selected by the user or issued to the user by the digital signature network. 

[01 05] As with regard to the fees associated with the signing of electronic documents, 
fees may also be caused to be assessed by the ATM for the creation of a digital 
certificate, a public/private key pair, and/or a digital safe deposit account. As 
discussed previously, such fees may be accessed to a financial account of the user, a 
financial account stored in association with the ATM, or a financial account associated 
with the electronic document intended to be signed. For example, as in the previously 
discussed scenario of signing electronic documents related to car loans, the ATM may 
be operative to cause the fees associated with the creation of the digital certificate to 

p be associated with the entity supplying the electronic documents such as the car 

Si dealership or financial institution issuing the loan. 

PJ- 

The described exemplary embodiment of the ATM may prompt the user to enter 
through an input device of the ATM information about the user which is to be 
integrated into and/or associated with the digital certificate. Such information may 
include the name, address, and birth date of the user. The information may also 
include the user's social security number, passport number, driver's license number, 
national identification number, student number, or any other unique number 
associated with the user. The information provided for generating the digital 
certificate may also include a user provided password or other number for use with 
creating or accessing public/private key pairs, the public key thereof being integrated 
into the digital certificate. 

[0107] 

To expedite the input of information into the ATM for generating the digital 
certificate, the ATM may be operative to retrieve user specific information for the 
digital certificate from an electronic document intended to be digitally signed using 
the ATM. For example, in the previous example scenario of a user signing loan 
documents for a car, the finance manager or other employee of the car dealership may 
input the user's name, address, social security number, birth date, drivers license 
number, and/or other user specific information into the electronic document that 
corresponds to the loan. Such information may be stored as XML data or another 
computer accessible format within or in association with the electronic document. 
Prior to the ATM enabling the user to sign the electronic document, the ATM may 
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access the user specific information associated with the electronic document. The 
information accessed from the electronic document in addition to any information 
requested to be inputted directly into the ATM by the user, may be caused to be 
integrated into a digital certificate by the ATM. In some exemplary embodiments, the 
ATM may output the user specific information through an output device of the ATM. 
The ATM may prompt the user to verify the accuracy of the information prior to 
causing digital certificate to be created. 

[01 08] In an exemplary embodiment, the ATM may cause the user specific information to 
be forwarded to a certificate authority which is operative to issue a signed digital 
P certificate for the user. In some embodiments, the ATM may forward the user specific 

J! information to the previously discussed digital signature network, storage server, 

10 and/or other server which is operative to format the digital certificate and/or interface 

tii 

, P| with the certificate authority to issue the digital certificate. 

M [01 09] In an exemplary embodiment, the digital signature network may further be 

operative to authenticate the provided user specific information by contacting a credit 
reporting service 720 or other database of user information to compare and validate 
the provided user specific information. If the user specific information is invalid, 
inconsistent, or is otherwise suspect, the exemplary digital signature network may 
return a message to the ATM which is representative of a denial to generate a digital 
certificate for the user. Such a message may indicate the reasons for the denial. 

[01 10] Exemplary embodiments of the ATM may further acquire additional information 
from the user requesting the digital certificate including a biometric input, such as a 
fingerprint scan, a digital image of the user's face, iris scan, hand scan, or any other 
input which may be representative of the identity of the user. Such information may 
be integrated into or associated with the digital certificate. Such information may also 
be used to validate the identity of the user prior to creating the digital certificate. 

[0111] Jn some exemplary embodiments, the ATM may further prompt the user to input a 
card, such as a credit card, smart card, drivers license, national identification card, or 
any other unique card which can be accessed by the card reader of the ATM to retrieve 
user specific information. Such user specific information may include an account 
number or other number stored on the card which can be forwarded to the digital 
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signature network, financial transaction processing system such as a host banking 
system, or other server to be used to authenticate the identity of the user. In some 
exemplary embodiments, the ATM may further prompt the user to input through an 
input device of the ATM, a secret password or PIN associated with the card. The ATM 
may be operative to validate the inputted secret password or PIN through 
communication with the digital signature network, host banking system, or the card 
itself. 

In some exemplary embodiments, the ATM may prompt the user to provide an 
input that indicates whether the user would like the newly created digital certificate, 
public/private key pairs and/or digital safe deposit account to be associated with a 
pre-existing financial account of the user such as a credit card or a bank card. In such 
cases, the exemplary ATM may prompt the user to insert or swipe the desired card 
through the card reader of the ATM. The account number read from the card may be 
forwarded to the digital signature network and be stored in association with the user's 
newly created digital certificate, public/private key pairs, and/or digital safe deposit 
account. The digital signature network may further notify the financial institution 
associated with the card, that the consumer has associated a digital certificate, 
public/ private key pairs and/or digital safe deposit account with the account number 
of the card. The financial institution may then issue a new card to the user, which 
includes the mark or logo of the digital signature network. 

[01 1 3] Exemplary embodiments of the ATM may also prompt the user, as to whether the 
user would like the newly created digital certificate, public/private key pairs and/or 
digital safe deposit account to be associated with other cards/numbers uniquely 
associated with the user. Such cards for example may include the user's social security 
card, drivers license card, national identification card, and student ID card. In such 
cases, the exemplary ATM may prompt the user to insert or swipe the card with the 
desired unique number stored thereon through the card reader of the ATM. The 
unique number read from the card may be forwarded to the digital signature network 
and be stored in association with the user's newly created digital certificate, 
public/private key pairs, and/or digital safe deposit account. 

[01 14] 

In some embodiments, where the newly created digital certificate, public/private 
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key pairs, and/or digital safe deposit account is not associated with a financial 
account or other unique card/number of the user, the digital signature network may 
be operative to issue the user a digital signature card for use with signing future 
electronic documents and for accessing electronic documents stored in the user's 
digital safe deposit account. The digital signature card may include stored thereon a 
unique account number associated with the newly created digital certificate, 
public/private key pairs, and/or digital safe deposit account. In one exemplary 
embodiment, the ATM may include a card issuing device which is operative to output 
the digital signature card directly to the user once the digital certificate is created. In 
further exemplary embodiments, the digital signature network may initiate the 
production of a digital signature card which is mailed to the address of the user. 

[01 1 5] Once the digital certificate, public/private key pair, and/or digital safe deposit 
account is created, the exemplary ATM may proceed to prompt the user through the 
process of signing the electronic document using the private key associated with the 
newly created digital certificate. In exemplary embodiments, where the user associates 
a financial account or other card/number with a newly created digital certificate or 
where a digital signature card is issued to the user, the ATM may prompt the user to 
input through an input device of the ATM, a secret password or PIN to be associated 
with the card for purposes of using the card in the future to sign electronic documents 
and/or for accessing electronic documents stored in the newly created digital safe 
deposit account. In the future, the user may use his/her credit card, digital signature 
card, or other card associated with the newly created digital certificate, public/private 
key pair, and/or digital safe deposit account to sign other electronic documents at the 
same ATM or other exemplary ATM connected to the exemplary digital signature 
network. As discussed previously exemplary embodiments of the ATM may prompt 
the user to enter the password or PIN associated with the card prior to enabling the 
user to sign electronic documents and/or access electronic documents for a digital 
safe deposit account with the ATM. 

[01.1 6] As s | 10wn jn Figure 1 8, the exemplary embodiment of the digital signature 

network may further be in communication with a public network such as the Internet 
71 8 to enable user to access their digital certificate, public/ private key pair, and/or 
digital safe deposit account from a home computer or other computing device. The 
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digital signature network may further provide services over the internet such as 
digitally signing electronic documents and/or storing electronic documents in a digital 
safe deposit account associated with a financial account. For example, in one 
exemplary embodiment, the digital signature network may include a web server which 
enables a user to enter his/her financial account number or other card/number and 
PIN or other password through a browser of a PC or other computing device. If the 
entered information is valid, the exemplary digital signature network may enable the 
user to sign an electronic document using the private key associated with the inputted 
financial account number or other card/numbers. The web server may further enable 
Internet users to manage electronic documents that are stored in the storage servers 
of the digital signature network 71 0, such as viewing, copying, deleting, and 
forwarding the documents to other locations and addresses. 

[01 1 7] Computer software used in operating the automated transaction machines of the 
present invention and connected computers, computer processors, and servers may 
be loaded from articles of various types into the respective computers. Such computer 
software may be included on and loaded from one or more articles such as diskettes, 
compact disks, or DVDs. Such software may also be included on articles such as hard 
disk drives, tapes, read-only memory devices, or memory cards. Other articles which 
include data representative of the instructions for operating computers in the manner 
described herein are suitable for use in achieving operation of automated transaction 
machines and associated digital signature services, networks and servers and systems 
in accordance with embodiments described herein. 

[01 1 8] The exemplary embodiments of the automated banking machines and systems 
described herein have been described with reference to particular software 
components, functions and features. Other embodiments of the invention may include 
other or different software components, digital signature algorithms, and 
cryptography components which provide similar functionality. 

[011 9] Thus the new automated transaction machine digital signature system and 

method achieves one or more of the above stated objectives, eliminates difficulties 
encountered in the use of prior devices and systems, solves problems and attains the 
desirable results described herein. 
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[01 20] In the foregoing description certain terms have been used for brevity, clarity and 
understanding, however no unnecessary limitations are to be implied therefrom 
because such terms are used for descriptive purposes and are intended to be broadly 

construed. Moreover, the descriptions and illustrations herein are by way of examples 
and the invention is not limited to the exact details shown and described. 

[01 2 1 ] In the following claims any feature described as a means for performing a function 
shall be construed as encompassing any means known to those skilled in the art to be 
capable of performing the recited function, and shall not be limited to the features 
and structures shown herein or mere equivalents thereof. The description of the 

3 exemplary embodiment included in the Abstract included herewith shall not be 

a 

II deemed to limit the invention to features described therein. 

f 

i| [01 22] Having described the features, discoveries and principles of the invention, the 

0- ■ ■ 

j» manner in which it is constructed and operated, and the advantages and useful results 

N attained; the new and useful structures, devices, elements, arrangements, parts, 

:| combinations, systems, equipment, operations, methods and relationships are set 

| forth in the appended claims. 
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